Job Responsibilities:
· Ensuring the compliance of all web, network & infrastructure assets with Kaspersky published documentation including applicable security policies, standards and procedures;
· Making suggestions for improvement of information security processes and mitigation of information security risks in APAC & META;
· Collaboration with local divisions (e.g. HR, Finance, IT) to ensure the required level of data protection;
· Conducting information security audits in branches;
· Participation in the development of information security training material;
· Actively identifying opportunities for communication, and organizing and performing information security awareness activities;
· Conduct routine review and maintenance of existing documentation owned by IT related to information security;
· Facilitate the creation and approval of new information security documentation as well as provide input into the framework for that documentation;
· Participate in forensics exercises for information security incidents;
· Gather information for internal audit requests as pertinent to information security;
· Work with the global Security Department team to assist them in ensuring the proper level of security for the regions;
· Timely completion of all tasks identified in remediation plans developed in response to penetration tests and vulnerability assessments;
· Monitor security advisories (e.g. CERT, SANS) for current security exploits and evaluate their applicability to Kaspersky systems;
· Ensuring compliance of personal data processing processes with the requirements of local legislation;
· Design and implementation of measures related to BCP/DRP as well as related high-level policies. Approval of all BCP/DRP and coordination of all related activities;
· Making suggestions for improvement of compliance processes and mitigation of any kind of fraud and economic security risks;
· Organize and support Compliance investigations;
· Organize and support Compliance awareness;
· Monitoring of legislation and best practices in the area of compliance;
· Due diligence of business partners and employees;
· Handle appeals from employees and anonymous appeals;
· Regular reporting on tasks, achievements and plans.
Requirements:
· Bachelor's or Master's degree in computer science, information security, or a related field.
· 10+ years’ experience in information security management or a related role, with a focus on developing and implementing security programs.
· Strong technical background in implementing and maintaining IT systems.
· Good knowledge of information security frameworks, standards, and best practices including Zero Trust, XDR, SDN, SIEM, SOAR, SDL.
· Experience working with several countries in the Asia Pacific region
· Experience in improving information security processes and organizing IS awareness programs
· Audit experience in the area of personal data and information security standards.
· Experience in developing corporate policies related to information security.
· Experience in conducting risk assessments, vulnerability assessments, and participating in incident response activities
· Strong communication and interpersonal skills
· Strong Project Management skills
· Demonstrated ability to assist in driving information security initiatives and providing technical expertise to support security strategies
· Solid analytical and problem-solving skills, with the ability to contribute to risk-based decision-making processes
· A CISSP or CISM certificate is obligatory
· One of the following certificates will be an advantage: CISA, GDPR Foundation, ISO 27001 Auditor